(54) Apparatus and methods for granting access to computers

(57) When a computer user is granted access to certain capabilities of a computer he is often given a password signifying these capabilities. A problem arises in that unauthorised users may copy the password and so gain access to the capabilities. In the present invention an enciphered message relating to capabilities is stored in the tamper-resistant store 14 of a token 10. The store 14 also holds the secret key of a public key encryption system so that the enciphered message and a distinctive message can be transformed ("signed") using the secret key and passed to the computer. The corresponding public key may then be used by the computer to carry out an inverse transformation and check the enciphered and distinctive messages against signals sent from the token. If this check is successful the required access is granted. Preferably the public key is part of the enciphered message, especially where the token grants access to a distributed or fragmented computer system, since this avoids the necessity of making public keys available throughout a computer system.



[Drawings: Fig. 1, block diagram of the token 10 (key pad, display, I/O port, store holding the secret key and public key, microcomputer, PIN valid/invalid check) and of the checking computer (key pad, I/O, store, microcomputer, one-way function, transform, inverse transform, one-way function). Fig. 2, flow diagram of signature generation. Fig. 4a (token): request for capabilities, combine request with enciphered combinations and distinctive message, display request, enter PIN, one-way function, transform (signature), transmit to computer, disable token, transmit request message to computer. Fig. 4b (computer): receive request message, receive signature from token, decipher public key and capabilities, one-way function on request message, inverse transform using public key, is signature correct?, capabilities granted, access refused.]



GB2 154 344A

SPECIFICATION

Apparatus and methods for granting access to computers

The present invention relates to methods and apparatus for providing authorised users with access to restricted facilities such as "capabilities" of a computer. Any access facility offered by a computer can be coded in a record known as a capability and associated with a user who is to be allowed use of that facility. The coded record may relate to a certain mode of access to a stored file, for example read, write, append, run program, and the record then contains at least two fields:

file identity, access mode.

For each user, a file or files of capabilities are stored in the computer. As part of the rules of access control, these are carefully protected by hardware or software methods to prevent illegal manipulation of capabilities, such as illegally creating new ones or copying those belonging to other users. Therefore, capabilities are not allowed outside the computer's protected store and are treated in a different way from other stored data.

The term "computer" in this specification comprises a distributed system of separate 
machines as well as a single machine. 

If a user is given information, for example in the form of a password and the numbers of certain files, so that he can access the computer, he can also pass this information on to another user. This is so even if the first mentioned user is only allowed an enciphered form of the file numbers which the computer translates before giving access, and may do so in a way which gives only limited specified capabilities to the user. Further, owners of data or programs may wish to give an access message to certain other persons, such as licensees, but not wish to have this message copied.
Authentication for other purposes than providing access to computer capabilities has been achieved using a public key encryption system in which, for example, a message can be transformed using a secret key and transformed back to its original form (inverse transformed) using a public key, but the secret key cannot be determined from a knowledge of the public key or from transformed messages. Public key encryption systems are well known and have been described many times, notably by Rivest, Shamir and Adleman in "A method for obtaining digital signatures and public key cryptosystems", Communications of the Association for Computing Machinery, Volume 21, No. 2, February 1978, page 120. Digital signatures of another kind have been described by Ong, Schnorr and Shamir.

In order to authenticate a message the signer has in some known methods employed a computer to calculate a digest of the message, for example using a one-way function, and then he has entered his secret key to transform the result. The transformed digest together with the message itself are passed to the recipient, who uses the public key to inverse transform the transformed digest and compares the result with the digest which he calculates himself according to known rules. If the two are equal then the message is authenticated. This procedure is described by D.W. Davies and W.L. Price in the paper "The application of digital signatures based on public key cryptosystems", Proc. 5th ICCC, Atlanta Ga., October 1980.

In this specification "transformation" or "transforming" are operations carried out in a system which has two keys either of which may be used for transformation when the other key is required for inverse transformation. However the knowledge of one key does not allow the other key to be determined even when a transformed message is available, thus preventing both of the operations of transformation and inverse transformation.

Authentication apparatus is known for the purpose of automatically creating digital messages using input messages from a particular source. The automatically created messages can be positively identified as originating from the source if the input messages are available. Such automatically created messages are known as digital signatures and such apparatus is hereinafter referred to as a signature token.

To overcome the above-mentioned problem of giving access to computer capabilities an authentication method, apparatus and a programmed computer according to first, second and third aspects of the invention are provided.

An authentication method according to the first aspect of the invention for granting access to a computer comprises

as a preliminary step,

storing a secret key in authentication apparatus together with enciphered information representing the capabilities to be granted by the computer and either the public key corresponding to the secret key or information which identifies the public key,

and as steps employed when access is to be granted,

using the authentication apparatus to form one part of an output message to contain the enciphered information and transforming as hereinbefore defined, using the secret key, a distinctive message to generate another part of the output message,

using the computer to decipher the enciphered information and inverse transform the said other part of the output message using the public key, and

comparing digital signals representing the result of the inverse transform with digital signals representing the distinctive message or information derived therefrom and granting the required access only if the digital signals compared are the same.

Authentication apparatus according to the second aspect of the invention for providing access to a computer comprises

a store containing a secret key for carrying out a transformation as hereinbefore defined and enciphered information representing capabilities to be granted by a computer and either the public key corresponding to the secret key or information which identifies the public key,

input/output means for receiving and transmitting electrical digital messages to, and from, the apparatus, and

means for forming one part of an output message to contain the enciphered information and for transforming, using the secret key, a distinctive message, or a message determined therefrom, to generate another part of the output message.

An advantage of the invention is that capabilities are stored outside the computer or computer 
system in a secure way so reducing the storage requirements of the computer or system. This 
advantage is significant where many users have access to many computers, since capabilities 
are stored only once. 

The authentication apparatus of the second aspect of the invention may be regarded as digitally signing the distinctive message and may therefore be regarded as a special form of a signature token.

The distinctive message may comprise at least one of the following: an indication of where the output message stands in a sequence of such messages, the time of day, the date and a random number.

Preferably the apparatus, in operation, combines the distinctive message and the enciphered 
message before transforming the combination to form the said other part of the output message. 

According to the third aspect of the invention there is provided

a computer programmed

to decipher one part of a message transmitted to the computer, the said one part containing, in enciphered form, information representing access to computer capabilities and a public key or information identifying the public key, and

to inverse transform another part of the message using the public key to determine whether the result after inverse transformation contains a predetermined distinctive message, and

if so to provide the access conferred.

Where the said other part of the output message from the authentication apparatus is expected to include, in transformed form, the said one part of the output message, the computer is programmed to provide access to capabilities only if on inverse transforming the said other part of the output message, the public key and the capabilities are so contained in the said one part.

The authentication apparatus preferably pre-processes messages in the way mentioned above to provide shorter messages for transformation and the computer carries out the same pre-processing before granting access on the basis of a correct inverse transformed message.

By using a signature token to sign the distinctive message and preferably the enciphered message at the time a request for access is made, the use of copied access messages is prevented.

According to a fourth aspect of the present invention there is provided authentication apparatus which can easily be held in one hand and comprises

input/output means for receiving electrical digital messages to be "transformed" and for transmitting transformed messages,

an electrical store which is physically tamper-resistant holding a secret electrical digital key for use in carrying out transformation as hereinbefore defined, the key being so stored that it cannot be read out by applying signals to the apparatus,

transformation means for transforming, when enabled, an input message or a message related thereto using the secret key to generate an output message for transmission by the input/output means,

enabling means for enabling the transformation means on receipt of a personal input to the apparatus direct from a particular person or at least one of a particular group of persons, the personal input being specific to that person or those persons, and

a display for displaying at least part of the message to be transformed.

The enabling means may include a keyboard and means for recognising a personal identification number (PIN), transformation only taking place when the correct PIN has been entered by way of the keyboard. An alternative authorising means may include a graphical input means and means for recognising a signature written thereon. Where the enabling means includes a keyboard, the need to send the PIN through a separate terminal which may not be completely secure is avoided.






Certain embodiments of the invention are now described with reference to the accompanying drawings, in which:

Figure 1 is a block diagram of apparatus according to the invention,
Figure 2 is a flow diagram illustrating the generation of a digital signature,
Figure 3 is a schematic view of apparatus of Fig. 1 coupled to a computer terminal, and
Figures 4a and 4b are flow diagrams of a request for access to a computer system.

An essential part of controlling access to capabilities of computer systems is apparatus, for example a token which can store certain information, as is explained later, and provide a digital signature. Such a token is therefore first described.

In Fig. 1 the housing for a token is represented by a line 10 and may for example be a thin plastic card containing integrated circuits, or a small container. Many other suitable housings can be envisaged, the main requirements being small size for convenience of handling and difficulty of removing the, or at least one of the, integrated circuits without damaging it.

The token includes an input/output port 11 which may take many forms such as electrical contacts, or a transmitter and receiver for ultrasonic, induction, optical or electromagnetic linkage. Where the housing is in the form of a card or flat container, it may be placed on a shelf to allow optical or other communication to be established, and a light source may be provided to project light on to solar cells on the token to provide power for the integrated circuits. The token may instead be powered by way of electrical contacts, induction or by a battery.

The token includes a microcomputer 12 whose functions include recognising a personal identification number (PIN) entered by way of a key pad 13, using a one-way function to transform data entered by way of the port 11, and transforming the result using the RSA algorithm mentioned above and a secret key held in a store 14. In order to safeguard the secret key the store 14 is tamper-resistant and may comprise a volatile store located in a module which also contains a battery or battery connections for the store, the module being so constructed that the store is cleared if an attempt is made to obtain the secret key by opening the module. The token may include means for overwriting the contents of the store when power is reduced or removed from it or when a short circuit is applied to the power supply of the token. In addition the store may be attached to a pre-stressed member which breaks it should an attempt be made to open the housing or a module containing the store.

The token is so constructed and/or programmed that it is impossible to read out this key by way of the input/output port 11 regardless of what signals are applied to the port.

The microcomputer 12 also controls a display 13 to display the type of operation being carried out, for example access to a computer, and also other information which may be relevant.

When a digital signature is required the information to be signed is represented in digital electronic form and handled according to the flow diagram of Fig. 2. The information is passed as digital signals by way of the port 11 to the token, where the user enters his PIN via the key pad 13, and the microcomputer 12 checks this number. If satisfactory the microcomputer pre-processes the information in an operation 17 according to a stored program. The pre-processing is carried out using a one-way (that is, non-reversible) function which is not secret but provides an output which depends on every item making up the information. A suitable method of carrying out pre-processing is described by D.W. Davies and W.L. Price in the above-mentioned paper. The resultant message must be drawn from a large set so that if a fraudulent change were made in the message it would be almost impossible to find a suitable change which on transformation would result in the same resultant message. One reason for carrying out the transformation is that the time taken for transformation is reduced to avoid intolerably long transformation times.

Using the public key encryption system and the secret key held by the token, the number derived by means of the one-way function is transformed by the microcomputer, again using a stored program, in an operation 18 and the number obtained is the digital signature which is transmitted with the plain text. In this way neither the secret key nor the PIN leaves the token and therefore they cannot be copied.

In order to validate the signature generated in the way described above, the message passed to the token, which for computer access applications is locally available, is processed using the same one-way function as is used in operation 17 by carrying out a further operation 21 in a computer (not shown) in Fig. 2. In addition the signature transmitted to the checking computer as indicated by a line 19 is inverse transformed in an operation 22 using the originator's public key. The signature is only validated if operations 21 and 22 both provide the same number. Although the information and signature can be copied, the information cannot be altered to change any item since if such a change were made a new signature would be required or the authentication procedure would fail. Only the authorised signatory using the correct token can provide a new signature.

An example of controlling access to capabilities of a computer system will now be considered. [...] accessed only by entering a specific message which identifies the file and whether it can be read, amended or enlarged. The message therefore confers a capability of the computer to a person who knows the message. If it is required to prevent forgery of these messages, a particular user may be given a message in enciphered form and when the user enters this form the computer system deciphers it to provide access to the required file. However the user who is given the enciphered form can pass it on to other users who may not be authorised for access to this particular file. The problem can be overcome by a method which is now described.

A public key and a corresponding secret key are created and the secret key is sealed in a signature token such as that of Fig. 1. According to the invention capabilities are also stored by a user and any computer which is to generate capabilities for storage by a user must first identify the user. To do this the user's identity is established in some way and the public key of the user's token, pk, is introduced to the computer. For example, the user may become a subscriber to a commercial system, where the user pays for the service received. In another example, the computer's facilities may be restricted or confidential, and then the user's acceptability is attested by another user, such as a responsible officer.

The computer or system granting capabilities employs a secret key kos to encipher capabilities for external storage. The capabilities are usually enciphered together with the user's public key and the enciphered combination can be expressed as:

E_kos (pk, identity, access mode)

These data, or similar data for other capabilities, link the user identity represented by the key pk with the coded form of the capability as used internally. In an alternative and shorter form, the key pk may be replaced by the user identity and a separate table in the computer gives the key pk as a function of user identity. However it is advantageous to use pk as will be described below. Because the key kos is a secret of the computer, new capabilities for external storage cannot be created by users. The cipher used may be a symmetric cipher, with kos as its key, or it can be a public key cipher with secret key kos. The public key cipher is most useful in a fragmented system, as described below.

The enciphered combinations are stored in the token which is then ready for use. Alternatively these combinations and the secret key may be stored in the user's workstation. More than one enciphered combination can be stored giving different capabilities or groups of capabilities and the combinations are then so stored that the function of each can be identified and the required combination selected for use.

The token 10 (or the user's workstation) may now be coupled (for example by plugging in) to a terminal 25 (see Fig. 3) of the, or one of the, computers of a system and caused to initiate a request for access (operation 31 of Fig. 4a which relates to the token) by making an appropriate entry on its keyboard. A request for access is started by constructing (operation 32) an access request message, for example:

access request, list of enciphered combinations (containing capabilities), sequence number or date/time.

The sequence number or date/time are considered to be one form of a distinctive message, and this message may alternatively be previously obtained from the computer and may, instead of or in addition to the sequence number or the time and date, comprise a random number. If the distinctive message is obtained previously it is now combined, usually by concatenation, by the token with a signal representing the request and at least one of the above-mentioned enciphered combinations. The signature token indicates on its display (operation 33) that an access request message is to be signed, the user enters his PIN (operation 34) and if this is correct (test 35), the request message (access request, list of enciphered combinations, sequence number or date/time) is sent to the computer in an operation 42, the one-way function is applied in an operation 36, the signature is calculated using the stored secret key (operation 37) and sent to the computer (operation 38). This process has an additional step to that described in connection with Fig. 2 in that the sequence number, date/time or the distinctive message, which can be regarded in relation to Fig. 2 as the input for the operation 18 (if the operation 17 is omitted), is combined with the request and the enciphered combination before the signature is generated.

The signature can be represented as

{Request, E_kos (Ct, pk), X} signature

where E_kos represents enciphering by the computer using the master key kos,
Ct represents the access message or capability conferred on the user,
pk represents the public key corresponding to the secret key held by the token, and
X represents the distinctive message.

If the PIN is incorrectly entered more than three times the token is disabled (test 39 and operation 41).

Both the request message and the signature are received in operations 44 and 45 (see Fig. 4b relating to the computer) by the computer from the token. The computer uses the key kos to decipher the public key and the capabilities (operation 46) and then carries out the one-way function (operation 47). If more than one enciphered combination is received the computer may verify that all the public keys are the same. In an operation 48 the public key is used to inverse transform the signature and then a test 49 is carried out to check the signature by comparing the access message (after the one-way function obtained by way of operations 46 and 47) with the result obtained by way of operations 45 and 46. If the signature is verified, the access message is used to confer the capabilities requested (operation 50), otherwise access is refused (operation 51).

The sequence number or date and time is included in the request in order to prevent the re-use of the message at a later time. If a sequence number is used, the computer is able to check the correct sequence using a record of the last sequence number from this user. Such checking may be relaxed if the sequence number is administered by the token.

If the message which is to be signed is lengthy, pre-processing (operation 36) to form a shorter message is used together with the corresponding operation 47, but otherwise these operations may be omitted.

As an alternative to storing the public key in the token, the request may contain the user identity, when the computer extracts the public key from its files. Then in operation 46, the public key is identified for use in operation 48 from the identifying information in the request.

In this way the capability given to the signature token holder can only be used when the token is interfaced with a terminal, that is in effect, when he is present. Copying of capabilities for use by another person is thus prevented.
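A worked simulation of the exchange of Figs. 4a and 4b, added here as an illustration and not code from the patent: the computer issues E_kos(Ct, pk) for storage in the token, the token signs {Request, E_kos(Ct, pk), X} with a sequence number as the distinctive message X, and the computer deciphers, inverse transforms, checks the signature and checks the sequence number so that a copied request is refused. Assumed for the illustration: a toy RSA key pair with small constructed primes, SHA-256 as the one-way function, and a hypothetical HMAC-protected keystream cipher standing in for E_kos.

```python
import hashlib
import hmac
import json
import os

# Toy RSA pair: the token's secret key "transforms", the public key "inverse transforms".
# Constructed primes (the 10,000th and 100,000th primes): far too small for real use.
P, Q = 104729, 1299709
N, PHI = P * Q, (P - 1) * (Q - 1)
E = 65537
PUBLIC_KEY = (E, N)
SECRET_KEY = (pow(E, -1, PHI), N)

# The computer's secret master key kos (constructed); it never leaves the computer.
KOS = b"constructed-master-key-kos"


def one_way_function(message: bytes) -> int:
    """Operations 36 and 47: public, non-reversible digest, reduced modulo N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def transform(x: int, key: tuple) -> int:
    """Operation 37 (Fig. 2 operation 18): x^d mod N with the secret key (d, N)."""
    return pow(x, *key)

def inverse_transform(s: int, key: tuple) -> int:
    """Operation 48 (Fig. 2 operation 22): s^e mod N with the public key (e, N)."""
    return pow(s, *key)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def encipher_kos(plain: bytes) -> bytes:
    """E_kos: hypothetical symmetric cipher keyed by kos, with an HMAC tag so that
    combinations not created by the computer are rejected on deciphering."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plain, _keystream(KOS, nonce, len(plain))))
    return nonce + body + hmac.new(KOS, nonce + body, hashlib.sha256).digest()

def decipher_kos(blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(KOS, nonce + body, hashlib.sha256).digest()):
        raise ValueError("enciphered combination was not created with kos")
    return bytes(a ^ b for a, b in zip(body, _keystream(KOS, nonce, len(body))))

def issue_capability(pk: tuple, file_id: str, access_mode: str) -> bytes:
    """Computer side: produce E_kos(Ct, pk) for external storage in the user's token."""
    ct = {"pk": list(pk), "file": file_id, "mode": access_mode}
    return encipher_kos(json.dumps(ct, sort_keys=True).encode())


class Token:
    """Signature token of Fig. 4a: holds the secret key and the enciphered combinations."""

    def __init__(self, secret_key: tuple, combinations: list, pin: str):
        self._secret_key, self._combinations, self._pin = secret_key, combinations, pin
        self.sequence, self.failed_pins, self.disabled = 0, 0, False

    def request_access(self, pin_entered: str):
        if self.disabled:
            return None
        if pin_entered != self._pin:                     # test 35
            self.failed_pins += 1
            if self.failed_pins > 3:                     # test 39, operation 41
                self.disabled = True
            return None
        self.sequence += 1                               # distinctive message X
        request = {"type": "access request", "seq": self.sequence,
                   "combinations": [c.hex() for c in self._combinations]}
        request_message = json.dumps(request, sort_keys=True).encode()   # operation 32
        signature = transform(one_way_function(request_message), self._secret_key)
        return request_message, signature                # operations 42 and 38


class Computer:
    """Computer side of Fig. 4b; remembers the last sequence number seen per public key."""

    def __init__(self):
        self.last_sequence = {}

    def handle_request(self, request_message: bytes, signature: int):
        request = json.loads(request_message)
        try:                                             # operation 46
            caps = [json.loads(decipher_kos(bytes.fromhex(c))) for c in request["combinations"]]
        except ValueError:
            return False, "access refused: combination not enciphered with kos"
        pks = {tuple(c["pk"]) for c in caps}
        if len(pks) != 1:                                # all combinations must carry one pk
            return False, "access refused: mixed public keys"
        pk = pks.pop()
        if inverse_transform(signature, pk) != one_way_function(request_message):  # test 49
            return False, "access refused: signature incorrect"
        if request["seq"] <= self.last_sequence.get(pk, 0):
            return False, "access refused: message re-used"
        self.last_sequence[pk] = request["seq"]
        return True, [(c["file"], c["mode"]) for c in caps]   # operation 50
```

Replaying a captured request message and signature is refused by the sequence-number record, and a combination that was not enciphered with kos fails at operation 46 before the signature is even examined.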

The application of the signature token for access to computer systems described above is particularly useful where a computer system is widely distributed, for example between several countries, since the holder of a token can move from one country to another and use his token at any terminal in the system. The token may contain a number of different capabilities which apply in different areas and give access to local capabilities only.

Most distributed computer systems are connected by communication networks so they can operate as a single system. It is sometimes more convenient in widespread systems to use only off-line connections, sending files by bulk transmissions at intervals. Such a system is known as a 'fragmented' computer. An isolated computer in such a system must make access control decisions using the data it holds and the access request messages it receives. When there are large numbers of users (for example in a world-wide videotext service) it may be costly to store tables of all user identities and their public keys at all locations.

The system of operation in which the user's public key pk is included in the external capability avoids the need for local records of all users.

In order to establish a user's authenticity, the computer must decipher the enciphered combination so that the public key can be used to check the signature. If a symmetric cipher is used, the cipher key kos must be distributed to all parts of the system. If a public key cipher is used, those parts which do not need to create new capabilities need only be given the public key.

Any part of the system which holds the enciphered key may be allowed to create new capabilities, complying with the access rules of the system.

The programming and modification of a computer and a terminal forming part of the computer is not described in more detail than the above description since it is within the capabilities of those skilled in the art.

From the above it will be seen that the invention may take many other forms and be used in many other ways from those specifically mentioned. The computers whose capabilities are mentioned above have many different uses, for example in data bases and computer aided engineering.

CLAIMS

1. A method of granting access to a computer comprising

as a preliminary step,

storing a secret key in authentication apparatus together with enciphered information representing the capabilities to be granted by the computer and either the public key corresponding to the secret key or information which identifies the public key,

and as steps employed when access is to be granted,

using the authentication apparatus to form one part of an output message to contain the enciphered information and transforming as hereinbefore defined, using the secret key, a distinctive message to generate another part of the output message,

using the computer to decipher the enciphered information and inverse transform the said other part of the output message using the public key, and

comparing digital signals representing the result of the inverse transform with the digital signals representing the distinctive message or information derived therefrom and granting the required access only if the digital signals compared are the same.

2. A method according to Claim 1 wherein the said one part of the output message also includes the distinctive message.
3. A method according to Claim 1 wherein, when access is to be granted, the computer originates the distinctive message and supplies it to the authentication apparatus before the output message is formed.

4. A method according to Claim 1, 2 or 3 wherein the distinctive message is combined with the enciphered information and transformed with the enciphered information in generating the said other part of the output message.

5. A method according to Claim 4 including pre-processing the information for the said other part of the output message using a one-way function, and comparing the result of the inverse transform with a result obtained by pre-processing the distinctive message and the enciphered information in the same way before granting access.

6. A method according to any preceding claim wherein the distinctive message comprises at least one of the following: an indication of where the said output message stands in a sequence of such messages, the time of day, the date, and a random number.

7. A method according to any preceding claim wherein the authentication apparatus is a signature token or a workstation.

8. Authentication apparatus for providing access to a computer comprising

a store containing a secret key for carrying out a transformation as hereinbefore defined and enciphered information representing capabilities to be granted by a computer and either the public key corresponding to the secret key or information which identifies the public key,

input/output means for receiving and transmitting electrical digital messages to, and from, the apparatus, and

means for forming one part of an output message to contain the enciphered information and for transforming, using the secret key, a distinctive message, or a message determined therefrom, to generate another part of the output message.

9. Authentication apparatus according to Claim 8 wherein the apparatus is arranged to form the said one part of the output message to contain the distinctive message.

10. Authentication apparatus according to Claim 8 or 9 wherein the apparatus is constructed to combine the distinctive message and the enciphered information before transforming the combination to form the said other part of the output message.

11. Authentication apparatus according to Claim 8, 9 or 10 arranged to pre-process the information from the said other part of the output message according to a one-way function in generating the said other part.

12. A computer programmed

to decipher one part of a message transmitted to the computer, the said one part containing, in enciphered form, information representing access to computer capabilities and a public key or information identifying the public key, and

to inverse transform another part of the message using the public key to determine whether the result after inverse transformation contains a predetermined distinctive message, and

if so to provide the access conferred.

13. A computer according to Claim 12 programmed to obtain the distinctive message from the said one part of the message for use in determining whether the said result contains the distinctive message.

14. A computer according to Claim 12 programmed to transmit the distinctive message to authentication apparatus when the apparatus initiates a request for access to capabilities of the computer.

15. A computer according to Claim 12, 13 or 14 for use where the said other part of the output message from the authentication apparatus is expected to include, in transformed form, the said one part of the message, wherein the computer is programmed to provide access to capabilities only if on inverse transforming the said other part of the output message, the public key and capabilities are as contained in the said one part.

16. A computer according to Claim 15 for use where the information for the said other part of the message is pre-processed according to a one-way function, wherein the computer is programmed to pre-process the said one part of the message according to a one-way function for use in determining whether the said other part of the message contains the said one part of the message.

17. Authentication apparatus which can easily be held in one hand and comprises

input/output means for receiving electrical digital messages to be "transformed" and for transmitting transformed messages,

an electrical store which is physically tamper-resistant holding a secret electrical digital key for use in carrying out transformation as hereinbefore defined, the key being so stored that it cannot be read out by applying signals to the apparatus,

transformation means for transforming, when enabled, an input message or a message related thereto using the secret key to generate an output message for transmission by the input/output means,

enabling means for enabling the transformation means on receipt of a personal input to the






apparatus direct from a particular person or at least one of a particular group of persons, the personal input being specific to that person or those persons, and

a display for displaying at least part of the message to be transformed.

18. Authentication apparatus substantially as hereinbefore described with reference to Fig. 1 of the accompanying drawings.

19. An authentication method substantially as hereinbefore described with reference to Figs. 2 and 4 of the accompanying drawings.

20. A computer programmed substantially as hereinbefore described to co-operate with authentication apparatus in granting computer capabilities.